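# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

# Host configuration for a self-hosted Forgejo instance: nginx terminates TLS
# (ACME) in front of Forgejo, Renovate runs against the Forgejo API, cron runs
# a nightly backup, and SSH is split into a tarpit (22) and the real sshd (23).
# Every "TODO" value below is an unfilled placeholder and must be replaced
# before deployment.

{ config, lib, pkgs, ... }:

let
  # Shorthands so nginx can reuse the domain and port Forgejo is configured with.
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  system.stateVersion = "24.11";

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  environment.systemPackages = with pkgs; [
    git
  ];

  users.users = {
    # Maintenance account; login is by password, stored as a hash.
    dev = {
      isNormalUser = true;
      home = "/home/dev";
      description = "User used to manually connect to this system (e.g. for maintenance)";
      # "wheel" is the sudo group, and membership in "docker" gives access to
      # the Docker socket, which is effectively root on the host. Anyone who
      # obtains this account's password controls the machine.
      extraGroups = [ "docker" "wheel" ];
      # Fixed: the option is `hashedPassword` (was misspelled `hashesPassword`).
      # Replace "TODO" with the output of `mkpasswd`. The value ends up in the
      # world-readable Nix store; `hashedPasswordFile` keeps the hash out of it.
      hashedPassword = "TODO";
    }; # fixed: this terminating `;` was missing, which is a syntax error
  };

  virtualisation.docker = {
    enable = true;
  };

  security.acme = {
    defaults.email = "michael.huebner@ptspaper.de";
    acceptTerms = true;
  };

  services = {
    # SSH tarpit on the default port; it only slows down scanners and grants
    # no access.
    endlessh = {
      enable = true;
      port = 22;
    };

    # The real sshd. Moving it to port 23 reduces log noise but is not an
    # access control.
    # NOTE(review): the users block says login is by password; for an exposed
    # sshd, key-based login with `settings.PasswordAuthentication = false`
    # is the stronger choice, since `dev` is in wheel and docker.
    openssh = {
      enable = true;
      ports = [ 23 ];
    };

    nginx = {
      enable = true;
      virtualHosts.${srv.DOMAIN} = {
        # Redirect HTTP to HTTPS and obtain the certificate via ACME.
        forceSSL = true;
        enableACME = true;
        # Raised upload limit (LFS is enabled below).
        extraConfig = ''
          client_max_body_size 512M;
        '';
        # TLS ends here; the hop to Forgejo is plain HTTP on localhost.
        # NOTE(review): consider `HTTP_ADDR = "127.0.0.1"` in the Forgejo
        # server settings so port 3000 is reachable only through this proxy;
        # confirm nothing else (e.g. containers) needs it directly.
        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
      };
    };

    forgejo = {
      enable = true;
      database.type = "postgres";
      lfs.enable = true;
      settings = {
        server = {
          # Placeholder: ACME cannot issue a certificate for "localhost";
          # set the public host name before enabling this on a real host.
          DOMAIN = "localhost";
          ROOT_URL = "https://${srv.DOMAIN}";
          HTTP_PORT = 3000;
          # NOTE(review): this is the SSH port shown in clone URLs. Nothing in
          # this file listens on 62 (sshd is on 23); confirm a forward exists
          # or align the two.
          SSH_PORT = 62;
        };
        # No self-service sign-up; accounts are created by an administrator.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          # Actions referenced by short name are fetched from github.com.
          # Workflows therefore run third-party code on the runner; pin the
          # actions they use to a commit hash rather than a mutable tag.
          DEFAULT_ACTIONS_URL = "github";
        };
      };
    };

    renovate = {
      enable = true;
      # Placeholder; must be a valid schedule expression before this evaluates
      # to something usable.
      schedule = "TODO";
      credentials = {
        # Path to a file holding the token, so the secret stays out of the Nix
        # store. The file must not be readable by other users.
        RENOVATE_TOKEN = "/etc/renovate/token";
      };
      settings = {
        # NOTE(review): the host part of this URL is missing, and the scheme is
        # plain http, so the API token would be sent unencrypted. Use the
        # https URL of the Forgejo instance.
        endpoint = "http://.de/api/v1/";
        persistRepoData = true;
        platform = "forgejo";
        # Renovate acts on every repository the token can reach; scope the
        # token's account to the repositories it should manage.
        autodiscover = true;
        onboardingConfig = {
          extends = [ "config:recommended" ];
        };
        prCommitsPerRunLimit = 0;
      };
    };

    cron = {
      enable = true;
      systemCronJobs = [
        # Nightly backup at 03:00, run as the forgejo user.
        # Fixed: the entry contained a line break after "-d", which splits the
        # crontab line; it is now a single line.
        # NOTE(review): the -u/-s/-p values are presumably credentials
        # (confirm against the script). Passed like this they are stored in
        # the world-readable Nix store and crontab and show up in the process
        # list; have the script read them from a root-owned file instead.
        # The script path is relative; an absolute path makes sure the
        # intended file is the one that runs.
        "00 03 * * * forgejo sh backup_forgejo.sh -d /var/lib/forgejo -u TODO -s TODO -p TODO"
      ];
    };
  };
}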